From: "Brian A. Seklecki (CFI NOC)"
Organization: Collaborative Fusion, Inc. (DRP NOC)
Date: Wed, 25 Nov 2009 10:46:11 -0500
To: Maxim Khitrov
Cc: Free BSD Questions list
Subject: Re: Apache 2.2 mod_ldap refusing to work over SSL/TLS

> As far as I can tell, it doesn't even get to the certificate
> verification phase even though the STARTTLS command is successful.

Is there any level of debugging that can be increased on the Apache
side? Possibly a build/compile-time option for the module?

Debugging Apache code can always be tricky because of the
threaded/child process nature.

We use mod_authz_ldap and it works "okay", but OpenLDAP can be a
real beyotch when it comes to SSL/TLS.
E.g., we feel your pain. The only way out, is through.

~BAS

> Anyone have a clue on what could be causing this?